[ 69.756418][ T27] audit: type=1800 audit(1579380660.044:24): pid=9613 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="sudo" dev="sda1" ino=2454 res=0 [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 70.387004][ T27] audit: type=1800 audit(1579380660.824:25): pid=9613 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 70.408481][ T27] audit: type=1800 audit(1579380660.824:26): pid=9613 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.249' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 81.218431][ T9770] ================================================================== [ 81.226678][ T9770] BUG: KASAN: slab-out-of-bounds in bitmap_ipmac_list+0x635/0x1080 [ 81.234924][ T9770] Read of size 8 at addr ffff8880a68cbf80 by task syz-executor152/9770 [ 81.243211][ T9770] [ 81.245531][ T9770] CPU: 1 PID: 9770 Comm: syz-executor152 Not tainted 5.5.0-rc6-syzkaller #0 [ 81.254194][ T9770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 81.264371][ T9770] Call Trace: [ 81.267698][ T9770] dump_stack+0x197/0x210 [ 81.272033][ T9770] ? bitmap_ipmac_list+0x635/0x1080 [ 81.277264][ T9770] print_address_description.constprop.0.cold+0xd4/0x30b [ 81.284273][ T9770] ? bitmap_ipmac_list+0x635/0x1080 [ 81.289477][ T9770] ? bitmap_ipmac_list+0x635/0x1080 [ 81.294705][ T9770] __kasan_report.cold+0x1b/0x41 [ 81.299648][ T9770] ? bitmap_ipmac_list+0x635/0x1080 [ 81.304851][ T9770] kasan_report+0x12/0x20 [ 81.309252][ T9770] check_memory_region+0x134/0x1a0 [ 81.314363][ T9770] __kasan_check_read+0x11/0x20 [ 81.319238][ T9770] bitmap_ipmac_list+0x635/0x1080 [ 81.324270][ T9770] ? bitmap_ipmac_head+0x8a0/0x8a0 [ 81.329389][ T9770] ? nla_put+0x110/0x150 [ 81.333650][ T9770] ip_set_dump_start+0x96c/0x1ca0 [ 81.338725][ T9770] ? ip_set_rename+0x720/0x720 [ 81.343492][ T9770] ? __kmalloc_reserve.isra.0+0xf0/0xf0 [ 81.349053][ T9770] ? perf_trace_lock_acquire+0x4c0/0x530 [ 81.354761][ T9770] ? __kasan_check_write+0x14/0x20 [ 81.359874][ T9770] netlink_dump+0x558/0xfb0 [ 81.364383][ T9770] ? __netlink_sendskb+0xc0/0xc0 [ 81.369335][ T9770] __netlink_dump_start+0x66a/0x930 [ 81.374540][ T9770] ip_set_dump+0x15a/0x1d0 [ 81.378958][ T9770] ? call_ad+0x5a0/0x5a0 [ 81.383201][ T9770] ? ip_set_rename+0x720/0x720 [ 81.387954][ T9770] ? __ip_set_put_netlink.isra.0+0x90/0x90 [ 81.394169][ T9770] ? call_ad+0x5a0/0x5a0 [ 81.398414][ T9770] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 81.403363][ T9770] ? nfnetlink_bind+0x2c0/0x2c0 [ 81.408214][ T9770] ? __kasan_check_read+0x11/0x20 [ 81.413285][ T9770] ? __lock_acquire+0x8a0/0x4a00 [ 81.418289][ T9770] ? save_stack+0x5c/0x90 [ 81.422629][ T9770] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 81.428956][ T9770] ? apparmor_capable+0x497/0x900 [ 81.433985][ T9770] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 81.440278][ T9770] ? __kasan_check_read+0x11/0x20 [ 81.445291][ T9770] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 81.450752][ T9770] netlink_rcv_skb+0x177/0x450 [ 81.455635][ T9770] ? nfnetlink_bind+0x2c0/0x2c0 [ 81.460486][ T9770] ? netlink_ack+0xb50/0xb50 [ 81.465080][ T9770] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 81.471325][ T9770] ? ns_capable_common+0x93/0x100 [ 81.476352][ T9770] ? ns_capable+0x20/0x30 [ 81.480713][ T9770] ? __netlink_ns_capable+0x104/0x140 [ 81.486093][ T9770] nfnetlink_rcv+0x1ba/0x460 [ 81.490692][ T9770] ? nfnetlink_rcv_batch+0x17a0/0x17a0 [ 81.496153][ T9770] ? netlink_deliver_tap+0x24a/0xbe0 [ 81.501485][ T9770] ? __kasan_check_write+0x14/0x20 [ 81.506603][ T9770] netlink_unicast+0x58c/0x7d0 [ 81.511391][ T9770] ? netlink_attachskb+0x870/0x870 [ 81.516510][ T9770] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 81.522351][ T9770] ? __check_object_size+0x3d/0x437 [ 81.527548][ T9770] netlink_sendmsg+0x91c/0xea0 [ 81.532498][ T9770] ? netlink_unicast+0x7d0/0x7d0 [ 81.537432][ T9770] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 81.542981][ T9770] ? apparmor_socket_sendmsg+0x2a/0x30 [ 81.548438][ T9770] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 81.554722][ T9770] ? security_socket_sendmsg+0x8d/0xc0 [ 81.560443][ T9770] ? netlink_unicast+0x7d0/0x7d0 [ 81.565533][ T9770] sock_sendmsg+0xd7/0x130 [ 81.569958][ T9770] ____sys_sendmsg+0x753/0x880 [ 81.574716][ T9770] ? kernel_sendmsg+0x50/0x50 [ 81.579379][ T9770] ? lockdep_init_map+0x1be/0x6d0 [ 81.584430][ T9770] ___sys_sendmsg+0x100/0x170 [ 81.589113][ T9770] ? sendmsg_copy_msghdr+0x70/0x70 [ 81.594256][ T9770] ? __kasan_check_read+0x11/0x20 [ 81.599274][ T9770] ? __lock_acquire+0x8a0/0x4a00 [ 81.604332][ T9770] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 81.610723][ T9770] ? __this_cpu_preempt_check+0x35/0x190 [ 81.616374][ T9770] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 81.622621][ T9770] ? percpu_counter_add_batch+0x13c/0x190 [ 81.628338][ T9770] ? __fd_install+0x1bc/0x640 [ 81.633124][ T9770] ? find_held_lock+0x35/0x130 [ 81.637888][ T9770] ? __fd_install+0x1bc/0x640 [ 81.642600][ T9770] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 81.648829][ T9770] ? __fget_light+0x1a9/0x230 [ 81.653508][ T9770] ? __fdget+0x1b/0x20 [ 81.657568][ T9770] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 81.663803][ T9770] __sys_sendmsg+0x105/0x1d0 [ 81.668428][ T9770] ? __sys_sendmsg_sock+0xc0/0xc0 [ 81.673558][ T9770] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 81.679011][ T9770] ? do_fast_syscall_32+0xd1/0xe16 [ 81.684120][ T9770] ? entry_SYSENTER_compat+0x70/0x7f [ 81.689397][ T9770] ? do_fast_syscall_32+0xd1/0xe16 [ 81.694506][ T9770] __ia32_compat_sys_sendmsg+0x7a/0xb0 [ 81.699963][ T9770] do_fast_syscall_32+0x27b/0xe16 [ 81.704989][ T9770] entry_SYSENTER_compat+0x70/0x7f [ 81.710162][ T9770] RIP: 0023:0xf7f07a39 [ 81.714234][ T9770] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 81.734099][ T9770] RSP: 002b:00000000ffbdfbac EFLAGS: 00000246 ORIG_RAX: 0000000000000172 [ 81.742708][ T9770] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000440 [ 81.750682][ T9770] RDX: 0000000000000000 RSI: 00000000080ea080 RDI: 00000000ffbdfc00 [ 81.758754][ T9770] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 81.766826][ T9770] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 81.774833][ T9770] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 81.782934][ T9770] [ 81.785261][ T9770] Allocated by task 9770: [ 81.789593][ T9770] save_stack+0x23/0x90 [ 81.793734][ T9770] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 81.799359][ T9770] kasan_kmalloc+0x9/0x10 [ 81.803686][ T9770] __kmalloc+0x163/0x770 [ 81.807937][ T9770] ip_set_alloc+0x38/0x5e [ 81.812252][ T9770] bitmap_ipmac_create+0x4e8/0xa00 [ 81.817355][ T9770] ip_set_create+0x6f1/0x1500 [ 81.822035][ T9770] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 81.826973][ T9770] netlink_rcv_skb+0x177/0x450 [ 81.831746][ T9770] nfnetlink_rcv+0x1ba/0x460 [ 81.836338][ T9770] netlink_unicast+0x58c/0x7d0 [ 81.841098][ T9770] netlink_sendmsg+0x91c/0xea0 [ 81.846134][ T9770] sock_sendmsg+0xd7/0x130 [ 81.850542][ T9770] ____sys_sendmsg+0x753/0x880 [ 81.855317][ T9770] ___sys_sendmsg+0x100/0x170 [ 81.859985][ T9770] __sys_sendmsg+0x105/0x1d0 [ 81.864724][ T9770] __ia32_compat_sys_sendmsg+0x7a/0xb0 [ 81.870233][ T9770] do_fast_syscall_32+0x27b/0xe16 [ 81.875261][ T9770] entry_SYSENTER_compat+0x70/0x7f [ 81.880427][ T9770] [ 81.882751][ T9770] Freed by task 9439: [ 81.886738][ T9770] save_stack+0x23/0x90 [ 81.890879][ T9770] __kasan_slab_free+0x102/0x150 [ 81.895822][ T9770] kasan_slab_free+0xe/0x10 [ 81.900372][ T9770] kfree+0x10a/0x2c0 [ 81.904249][ T9770] tomoyo_path_perm+0x24e/0x430 [ 81.909094][ T9770] tomoyo_inode_getattr+0x1d/0x30 [ 81.914158][ T9770] security_inode_getattr+0xf2/0x150 [ 81.919438][ T9770] vfs_getattr+0x25/0x70 [ 81.923681][ T9770] vfs_statx+0x157/0x200 [ 81.927915][ T9770] __do_sys_newstat+0xa4/0x130 [ 81.932736][ T9770] __x64_sys_newstat+0x54/0x80 [ 81.937484][ T9770] do_syscall_64+0xfa/0x790 [ 81.941978][ T9770] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 81.947848][ T9770] [ 81.950166][ T9770] The buggy address belongs to the object at ffff8880a68cbf80 [ 81.950166][ T9770] which belongs to the cache kmalloc-32 of size 32 [ 81.964041][ T9770] The buggy address is located 0 bytes inside of [ 81.964041][ T9770] 32-byte region [ffff8880a68cbf80, ffff8880a68cbfa0) [ 81.977038][ T9770] The buggy address belongs to the page: [ 81.982659][ T9770] page:ffffea00029a32c0 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff8880a68cbfc1 [ 81.993064][ T9770] raw: 00fffe0000000200 ffffea00029a6c08 ffffea000264ae88 ffff8880aa4001c0 [ 82.001689][ T9770] raw: ffff8880a68cbfc1 ffff8880a68cb000 000000010000002b 0000000000000000 [ 82.010261][ T9770] page dumped because: kasan: bad access detected [ 82.016664][ T9770] [ 82.019243][ T9770] Memory state around the buggy address: [ 82.024865][ T9770] ffff8880a68cbe80: 04 fc fc fc fc fc fc fc 00 fc fc fc fc fc fc fc [ 82.032934][ T9770] ffff8880a68cbf00: 00 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc [ 82.040987][ T9770] >ffff8880a68cbf80: 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 82.049027][ T9770] ^ [ 82.053123][ T9770] ffff8880a68cc000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 82.061178][ T9770] ffff8880a68cc080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 82.069226][ T9770] ================================================================== [ 82.077446][ T9770] Disabling lock debugging due to kernel taint [ 82.084069][ T9770] Kernel panic - not syncing: panic_on_warn set ... [ 82.090665][ T9770] CPU: 1 PID: 9770 Comm: syz-executor152 Tainted: G B 5.5.0-rc6-syzkaller #0 [ 82.100736][ T9770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 82.110781][ T9770] Call Trace: [ 82.114066][ T9770] dump_stack+0x197/0x210 [ 82.118429][ T9770] panic+0x2e3/0x75c [ 82.122350][ T9770] ? add_taint.cold+0x16/0x16 [ 82.127019][ T9770] ? bitmap_ipmac_list+0x635/0x1080 [ 82.132213][ T9770] ? preempt_schedule+0x4b/0x60 [ 82.137073][ T9770] ? ___preempt_schedule+0x16/0x18 [ 82.142220][ T9770] ? trace_hardirqs_on+0x5e/0x240 [ 82.147372][ T9770] ? bitmap_ipmac_list+0x635/0x1080 [ 82.152574][ T9770] end_report+0x47/0x4f [ 82.156715][ T9770] ? bitmap_ipmac_list+0x635/0x1080 [ 82.161909][ T9770] __kasan_report.cold+0xe/0x41 [ 82.166752][ T9770] ? bitmap_ipmac_list+0x635/0x1080 [ 82.171972][ T9770] kasan_report+0x12/0x20 [ 82.176359][ T9770] check_memory_region+0x134/0x1a0 [ 82.181464][ T9770] __kasan_check_read+0x11/0x20 [ 82.186410][ T9770] bitmap_ipmac_list+0x635/0x1080 [ 82.191427][ T9770] ? bitmap_ipmac_head+0x8a0/0x8a0 [ 82.196536][ T9770] ? nla_put+0x110/0x150 [ 82.200779][ T9770] ip_set_dump_start+0x96c/0x1ca0 [ 82.205798][ T9770] ? ip_set_rename+0x720/0x720 [ 82.210679][ T9770] ? __kmalloc_reserve.isra.0+0xf0/0xf0 [ 82.216218][ T9770] ? perf_trace_lock_acquire+0x4c0/0x530 [ 82.221904][ T9770] ? __kasan_check_write+0x14/0x20 [ 82.227014][ T9770] netlink_dump+0x558/0xfb0 [ 82.231514][ T9770] ? __netlink_sendskb+0xc0/0xc0 [ 82.236484][ T9770] __netlink_dump_start+0x66a/0x930 [ 82.241758][ T9770] ip_set_dump+0x15a/0x1d0 [ 82.246178][ T9770] ? call_ad+0x5a0/0x5a0 [ 82.250474][ T9770] ? ip_set_rename+0x720/0x720 [ 82.255278][ T9770] ? __ip_set_put_netlink.isra.0+0x90/0x90 [ 82.261079][ T9770] ? call_ad+0x5a0/0x5a0 [ 82.265309][ T9770] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 82.270242][ T9770] ? nfnetlink_bind+0x2c0/0x2c0 [ 82.275077][ T9770] ? __kasan_check_read+0x11/0x20 [ 82.280135][ T9770] ? __lock_acquire+0x8a0/0x4a00 [ 82.285070][ T9770] ? save_stack+0x5c/0x90 [ 82.289498][ T9770] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 82.295724][ T9770] ? apparmor_capable+0x497/0x900 [ 82.300731][ T9770] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 82.306951][ T9770] ? __kasan_check_read+0x11/0x20 [ 82.311953][ T9770] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 82.317452][ T9770] netlink_rcv_skb+0x177/0x450 [ 82.322226][ T9770] ? nfnetlink_bind+0x2c0/0x2c0 [ 82.327073][ T9770] ? netlink_ack+0xb50/0xb50 [ 82.331726][ T9770] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 82.337959][ T9770] ? ns_capable_common+0x93/0x100 [ 82.343044][ T9770] ? ns_capable+0x20/0x30 [ 82.347362][ T9770] ? __netlink_ns_capable+0x104/0x140 [ 82.352755][ T9770] nfnetlink_rcv+0x1ba/0x460 [ 82.357344][ T9770] ? nfnetlink_rcv_batch+0x17a0/0x17a0 [ 82.362840][ T9770] ? netlink_deliver_tap+0x24a/0xbe0 [ 82.368229][ T9770] ? __kasan_check_write+0x14/0x20 [ 82.373439][ T9770] netlink_unicast+0x58c/0x7d0 [ 82.378200][ T9770] ? netlink_attachskb+0x870/0x870 [ 82.383355][ T9770] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 82.389070][ T9770] ? __check_object_size+0x3d/0x437 [ 82.394275][ T9770] netlink_sendmsg+0x91c/0xea0 [ 82.399035][ T9770] ? netlink_unicast+0x7d0/0x7d0 [ 82.403969][ T9770] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 82.409513][ T9770] ? apparmor_socket_sendmsg+0x2a/0x30 [ 82.415016][ T9770] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 82.421253][ T9770] ? security_socket_sendmsg+0x8d/0xc0 [ 82.427221][ T9770] ? netlink_unicast+0x7d0/0x7d0 [ 82.432141][ T9770] sock_sendmsg+0xd7/0x130 [ 82.436559][ T9770] ____sys_sendmsg+0x753/0x880 [ 82.441320][ T9770] ? kernel_sendmsg+0x50/0x50 [ 82.446030][ T9770] ? lockdep_init_map+0x1be/0x6d0 [ 82.451049][ T9770] ___sys_sendmsg+0x100/0x170 [ 82.455718][ T9770] ? sendmsg_copy_msghdr+0x70/0x70 [ 82.460879][ T9770] ? __kasan_check_read+0x11/0x20 [ 82.465905][ T9770] ? __lock_acquire+0x8a0/0x4a00 [ 82.470840][ T9770] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 82.477066][ T9770] ? __this_cpu_preempt_check+0x35/0x190 [ 82.482752][ T9770] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 82.488991][ T9770] ? percpu_counter_add_batch+0x13c/0x190 [ 82.494744][ T9770] ? __fd_install+0x1bc/0x640 [ 82.499462][ T9770] ? find_held_lock+0x35/0x130 [ 82.504224][ T9770] ? __fd_install+0x1bc/0x640 [ 82.508952][ T9770] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 82.515195][ T9770] ? __fget_light+0x1a9/0x230 [ 82.519859][ T9770] ? __fdget+0x1b/0x20 [ 82.523934][ T9770] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 82.530207][ T9770] __sys_sendmsg+0x105/0x1d0 [ 82.534845][ T9770] ? __sys_sendmsg_sock+0xc0/0xc0 [ 82.539890][ T9770] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 82.545333][ T9770] ? do_fast_syscall_32+0xd1/0xe16 [ 82.550442][ T9770] ? entry_SYSENTER_compat+0x70/0x7f [ 82.555729][ T9770] ? do_fast_syscall_32+0xd1/0xe16 [ 82.560841][ T9770] __ia32_compat_sys_sendmsg+0x7a/0xb0 [ 82.566413][ T9770] do_fast_syscall_32+0x27b/0xe16 [ 82.571437][ T9770] entry_SYSENTER_compat+0x70/0x7f [ 82.576674][ T9770] RIP: 0023:0xf7f07a39 [ 82.580735][ T9770] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 82.600357][ T9770] RSP: 002b:00000000ffbdfbac EFLAGS: 00000246 ORIG_RAX: 0000000000000172 [ 82.608881][ T9770] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000440 [ 82.616850][ T9770] RDX: 0000000000000000 RSI: 00000000080ea080 RDI: 00000000ffbdfc00 [ 82.624817][ T9770] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 82.632786][ T9770] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 82.640754][ T9770] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 82.650231][ T9770] Kernel Offset: disabled [ 82.654635][ T9770] Rebooting in 86400 seconds..